Forum Discussion

Ozzy's avatar
Ozzy
Icon for Altocumulus rankAltocumulus
Sep 10, 2024

Certificate server name issue--wildcard certificate

Hello all,

I have one virtual server, and I have a policy behind it that redirects to multiple pools. The problem is that my customer requested a certificate for a few applications and requested it as wildcard.xyz.com. However, the application has two dns records as xyz.com and www.xyz.com. Of course, when I call the page as xyz.com, I get a certificate error (not a secure connection).
Here, my policy record is as follows: if the host "xyz.com or www.xyz.com" is owned by the host, redirect the traffic to the xyz-pool.

I wrote a redirect irule to overcome this. But it didn't work.
The rule is like this:

 when HTTP_REQUEST { if {[HTTP::host] equals "xyz.com"} { HTTP::redirect "https://www.xyz.com[HTTP::uri]" } }   

anyone have any ideas or suggestion?

Thank you in advance for your answers

application delivery
cloud
devops
  • zamroni777's avatar
    zamroni777
    Icon for Nacreous rankNacreous
    Sep 10, 2024

    it is better to use local traffic policy for better performance and avoid typo

     

  • Aswin_mk's avatar
    Aswin_mk
    Icon for Cumulonimbus rankCumulonimbus
    Sep 10, 2024

    Can you try this

     

    when HTTP_REQUEST {

      if { [HTTP::host] equals "xyz.com"} {

          HTTP::redirect "http://www.xyz.com"

        }

      }

    }

     

    Also if you are creating a certificate, you can add all required field name as SAN in certificate signing request and use it in SSL profile

  • Ozzy's avatar
    Ozzy
    Icon for Altocumulus rankAltocumulus
    Sep 11, 2024

    it does not work, for both advice! because certificates work at layer6.. we could not directly manipulate with layer6 with F5 .. If some one has special trick..

    • zamroni777's avatar
      zamroni777
      Icon for Nacreous rankNacreous
      Sep 13, 2024

      you need to have trusted certificate for both xyz.com and "www.xyz.com"
      without that, browser wont make tls session with xyz.com hence will also never send l7 http request to xyz.com.

      if you dont have trusted certificate for xyz.com,
      then you wont be able to make browser-trusted ssl server on that hostname.